Is there anyway to analyze trans data in SplunkStorm?
Here is what I have:
transaction is defined by beginTour and EndTour by user_id
Within a transaction, there could be any number of activties (events) taken by user_id

I want to be able to average distinct number of activities by user_id when taking tours ( a user_id may have many transactions/tours, so each transaction having distinct number of activities, then averaging that dc(activites) number accross transactions by user_id).

Also, is it possible to calculate the avg time spent on each event by user_id for each tour?
Is there anyway to define transaction within transaction and be able to add a field to the outer trans for avg inner trans duration?

even though the extract caused the fields to be recognized by Splunk and the user_id under interesting fields shows up with 14 values, still when I do the following, it only comes back with user NULL and one avg value. I was hoping to get avg(duration) calculated for each user_id based on the trans duration values:

source=xxxx | transaction user_id keeporphans=f maxspan=-1 maxpause=-1 startswith="BeginTour" endswith="EndTour" mvraw=t delim="," mvlist=user_id |
extract pairdelim=",", kvdelim=":" | stats avg(duration) AS avg_dur by user_id
Thanks